StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

PKI and Ecommerce Significance - Coursework Example

Summary
"PKI and Ecommerce Significance" paper presents an analysis of the public key infrastructure and associated X. 509 certificates. The main area of discussion is the analysis of the external and internal e-commerce systems that can be secured using PKI, e-commerce significance, and benefits of PKIs…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER97.2% of users find it useful
PKI and Ecommerce Significance
Read Text Preview

Extract of sample "PKI and Ecommerce Significance"

PKI and Ecommerce Significance This paper presents analysis of the public key infrastructure and associated X. 509 certificates. The main area of discussion in this research will be the analysis of the external and internal e-commerce systems that can be secured using PKI, ecommerce significance and potential benefits of PKIs. According to Weise (2001) a public key infrastructure or PKI facilitates users of a mainly unsecure public network like that internet to strongly and securely exchange information and data as well as money through the utilization of a public and a private cryptographic key combination that is acquired and shared in the course of a trusted authority. In addition, the PKI offers a digital certificate that is capable to recognize a person or a corporation as well as directory services that could be stored and revoked as needed through the certificates. However, the mechanism of a public key infrastructure is normally recognized through numerous diverse vendor techniques and services (Weise; Brown, Nieto and Boyd). Brayton, Finneman, Turajski, & Wiltsey (2006) outlined that PKI is an application of public key cryptography that is the extensively used technique on the internet for encrypting a message or validating a message to sender. In addition, conventional cryptography has typically concerned with the formation as well as sharing a secret key intended for the decryption and encryption of messages. However, these private and secret key structures have the considerable fault that if the key is revealed or captured by someone else, the basic messages could be easily decrypted. Therefore, PK cryptography or PKI is the favorable technique on the internet. The private key structure is normally recognized as symmetric cryptography and the public key method like an asymmetric cryptography (Brayton, Finneman and Turajski; Levi, Caglayan and Koc). PKI and X. 509 certificates According to Adams & Farrell (1999) in cryptography the X.509 is an ITU-T standard intended for a PKI intended for SSO (single sign-on) and PMI (Privilege Management Infrastructure). In addition, the X.509 identifies with a standard formats support of public key certificate revocation lists, certificates, certification path and attributes certificates validation algorithm (Adams and Farrell; Hutchinson and Sawyer). According to Ford & Polk (1999), in X.509 structure, a CA presents a certificate compulsory for a PK to a particular distinguished name in the X.500 practice, or to an alternative name like that as an a DNS-entry or e-mail address (Ford and Polk). As Adams & Farrell (1999) stated that X.509 is as well comprises principles intended for CRL (or certificate revocation list) establishment, a frequently ignored feature of public key infrastructure systems. In addition, the IETF standard method of inspecting a certificates strength is the OCSP (Online Certificate Status Protocol). And, Firefox 3 allows online certificate status protocol inspection through default (Adams and Farrell). Ecommerce systems security using PKI Sant (1999) stated that public key cryptography is mainly grown-up technology available for ecommerce based security. The certificate authority offered through the PKI basically provides as a trusted third party. In addition, the certificate authority validates a user according to particular measures, as well as concerns a certificate group of together private and public keys. However, the private key is normally produced on the user’s system, as well as never leaves that system. Thus, this defends the private key as a result that it never desires to navigate the overall ecommerce network. Through the private key could also be secluded through a pass expression, Therefore, the people can not covertly eliminate the private key. Furthermore, for higher security, the private key could be stored on a hardware security token, like that a smart card, that is transferable as well as could be utilized on numerous computers (Sant). According to Sant (1999), a public key infrastructure is a reliable, strong technology intended for protecting ecommerce data and information transmission or distribution throughout the internet. However, it is common in corporations for protecting e-commerce, although the PKI technology offers far more worth that still is not recognized. For instance, public key infrastructure technology offers digital certificates that recognize ecommerce organization and business by means of unique digital IDs. Furthermore, the infrastructure of public key technology facilitates the delivery of requirements intended for certificates, revokes certificates and issues certificates. In core, public key infrastructure offers a channel of trust (Sant; Laudon and Laudon). In public key infrastructure an ecommerce transaction is encrypted through a public key, as well as decrypted through a private key. In addition, the public key is extensively spread, although simply the receiver has the private key. For verification (establishing the identity of the transmitter, as simply the transmitter has the exact key) the hidden/encrypted message is encrypted once more, however this time by means of a private key. Similar measures form the foundation of RSA (employed through banks as well as governments) and pretty good privacy, utilized to encrypt ecommerce data (Sant). Self-signed and commercially signed certificates SSL certificates are significant for establishing an encrypted connection/link between a server and client. In addition, the clients that acknowledge a signed SSL certificate will be capable to set up an encrypted link with the server. Also, the encrypted links are employed through webmasters to build protected websites, similar to e-commerce websites, wherever additional safety is essential to avoid eavesdropping (Vedetta). Furthermore, the Self signed certificate of X.509 version-1 certificates are intended to handle key-stores. Also, the certificates and keys are employed to digitally sign applications and applets (Sun). Non-repudiation and E-commerce Non-Repudiation is the declaration that somebody cannot disallow something. Normally, non-Repudiation refers to the capability to make certain that a party to an agreement or a communication cannot reject the dependability of their mark on a certificate or the transaction of a message that they created. For a lot of years, establishment has required to build repudiation unfeasible in a number of circumstances. In addition, we might transmit registered mail, intended for instance; therefore the receiver cannot reject that a letter that was delivered. Likewise, an authorized document normally necessitates witnesses to signing therefore that the person who signs is nor able to reject that (TechTarget). For ecommerce as well as for the other online transactions there must be need for secure transaction. In addition, in these transactions, both the sender and transmitter parties are (authentication), as well as transaction are confirmed as final. Also, the systems have to make sure that a party could not consequently reject an ecommerce transaction. Furthermore, to secure and guarantee digital trust, the sender and receiver systems can make use of digital signatures, those will not simply verify the sender, however will also ‘time stamp’ the web based transaction (Onieva, Zhou and Lopez). Implementation of PKI Khusial & McKegney (2005) stated that reimbursements of PKI are extensively reliant on the security strategy that validates them. However, exclusive of an effectively developed as well as maintained strategy a PKI will possibly fail and reason additional damage than good. In addition, the technologies comprised in PKI execution however are not limited to; IPSec, SSL, cryptography, S/MIME and digital signatures, even biometric authentication and smart card. In general, the business needs to recognize how PKI will develop the integrity, confidentiality and accessibility of the business as well as its ecommerce structure (Khusial and McKegney). According to Lam, Chung, Gu, & Sun (2003), the confidentiality regarding the PKI will guarantee that financial transactions among the customer and business and from the business to business are protected by means of SSL. In addition, the privacy is as well enhanced in email transmissions for the reason that digital records like that X.509 employed in S/MIME, are utilized to encrypt the message consequently that simply the recipient is able to view the message (Lam, Chung and Gu). The PKI significantly augments the reliability of the organization’s performance and consequently ensures high levels of reliability. In addition, without a PKI based facilities web based and ecommerce transactions are transmitted in obvious text permitting not simply for 3rd parties to take information, however to as well further pretense like the company with harming the corporate reputation (Lam, Chung and Gu). However, the reality is that a PKI will perform the exact contradictory. In addition, without PKI the corporation would not be able to stop a hateful attack. If PKI is in position then hateful attacks would be typically prohibited permitting the company to carry on usually from routine. Consequently, the PKI permits for superior scalability of the network through bringing in VPN ability by means of SSL or IPSec permitting for enlargement in detached geographical locations (Lam, Chung and Gu). Conclusion This paper has presented a detailed analysis of the PKI and associated certificated. In this paper I have outlined some of the main areas and aspects of the PKI and its implementation areas. This paper has concluded that PKI based web security has turned out to be a vital part of online ecommerce. I hope this paper will offer an insight into the different aspects and areas of the PKI implementation, analysis and operating. Bibliography Adams, C. and S. Farrell. "Internet X.509 Public Key Infrastructure Certificate Management Protocols ." 1999. 03 February 2010 . Brayton, Jim, et al. "What is PKI?" 10 October 2006. TechTarget.com. 03 February 2010 . Brown, Jaimee, Juan M. Gonzalez Nieto and Colin Boyd. "fficient and secure self-escrowed public-key infrastructures." ASIAN ACM Symposium on Information, Computer and Communications Security, Proceedings of the 2nd ACM symposium on Information, computer and communications security. Singapore : ACM New York, USA , 2007. pp. 284 - 294. Ford, W. and W. Polk. "Internet X.509 Public Key Infrastructure Certificate and CRL Profile." 1999. 03 February 2010 . Hutchinson, Sarah E. and Stacey C. Sawyer. Computers, Coomunications, Information A users Introduction, 7th Edition. New York: Irwin/McGraw-Hill, 2000. Khusial, Darshanand and Ross McKegney. e-Commerce security: Attacks and preventive strategies. 13 April 2005. 03 February 2010 . Lam, Kwok-Yan, et al. "Security middleware for enhancing interoperability of Public Key Infrastructure." Computers & Security, Volume 22, Issue 6 (2003): pp. 535-546. Laudon, Kenneth. C. and Jane. P. Laudon. Management Information Systems, Sixth Edition. New Jersey: Prentice Hall , 1999. Levi, Albert, M. Ufuk Caglayan and Cetin K. Koc. "Use of nested certificates for efficient, dynamic, and trust preserving public key infrastructure ." Transactions on Information and System Security (TISSEC) , Volume 7 Issue 1 (2004): 21-59. Onieva, Jose A., et al. "Agent-mediated non-repudiation protocols." Electronic Commerce Research and Applications Volume 3, Issue 2, (2004): 152-162 . Sant, Chris Van. "E-COMMERCE SECURITY How Much is Enough?" 1999. 03 February 2010 . Sun. "X.509 Certificates and Certificate Revocation Lists (CRLs)." 2001. Sun.com. 03 February 2010 . TechTarget. "Nonrepudiation." 2009. TechTarget.com. 03 February 2010 . Turban, Efraim, et al. Information Technology for Management: Transforming Organizations in the Digital Economy . New York: Wiley, 2005. Vedetta. "Self-signed SSL certificates vs commercial SSL certificates: How Mozilla is killing self-signed certificates." 2008. 03 February 2010 . Weise, Joel. "Public Key Infrastructure Overview." 2001. Sun BluePrints™ OnLine. 03 February 2010 . Read More

CHECK THESE SAMPLES OF PKI and Ecommerce Significance

Transaction Security in E-commerce

This paper will discuss some of the important aspects that are associated with “transaction security in e-commerce”.... According to this scenario, this paper will address some of the important security issues that can emerge during online transactions (e-commerce transactions).... .... ... ... This study has presented a detailed analysis of the security issues and threats that can take place while using the Internet for performing business transactions....
10 Pages (2500 words) Research Paper

Security Technologies for Online Payments

Payment Gateway Get Started with an ecommerce Payment Gateway (n.... pki, encryption, and digital signatures are other technologies to ensure the provision of a secure platform for merchants and clients.... The paper "Security Technologies for Online Payments" describes that geolocation identifies the location of the user and alerts the system if any anomalies are found between the information retrieved from geolocation and the data entered by the customer....
5 Pages (1250 words) Literature review

Significant Importance of E-Commerce Security

This essay discusses that new technologies have been introduced through e-commerce to give a wider exposure and innovate new ways of conducting businesses.... E-commerce presence is important for expansion in business, dissemination of information and access to physically inaccessible markets.... ...
7 Pages (1750 words) Research Paper

E-commerce and its Importance in Business

This research proposal presents a detailed study of the importance of e-commerce in the present business environment.... The study will also investigate the way by which e-commerce helps the customers and whether e-commerce is more advantageous or it acts as a cause of concern.... ... ... ... With the rapid development of networking technologies during the early 1990's human being witnessed the commercialization of internet services....
4 Pages (1000 words) Research Proposal

Future of Electronic Commerce Technology

In the past few years e-commerce has evolved as an advanced platform which has not only simplified to manage and increase revenue to the threshold of technology but has also fueled the sophistication of pricing models along with the pricing process which the present technological revolution has expedited, while enhancing the future possibilities of revenue management....
4 Pages (1000 words) Essay

Information Systems and Security

The present age is the age of information technology; especially the ecommerce and communication technology has transformed the structure of business.... This research presents a detailed analysis of the "Information Systems and Security".... .... ... ... At the present time, there are better ways to communicate, transfer data, information retrieval as well as distribution, dealing and especially online business, but all these improvements in the fields of information technology also brought the challenges regarding the security....
8 Pages (2000 words) Essay

E-commerce and its Importance in Business

The study 'E-commerce and its Importance in Business' proposes to offer to examine and present how e-commerce has succeeded to change an organization's system of operation.... It will also investigate the way by which e-commerce helps the customers.... ... ... ... The study is significant as it will uncover the pros and cons of e-commerce....
5 Pages (1250 words) Research Proposal

E-Commerce Adoption in Saudi Arabi

The author outlines findings to identify reasons for the low popularity of ecommerce and the adoption of ecommerce in Saudi Arabia.... Currently, ecommerce is regarded as the key platform for streaming business activities as well as broadening product outreach.... These countries have been developing ecommerce platform aimed at promoting economical-social systems.... At the moment, the Kingdom enjoys a high growth rate of internet connectivity; the Kingdom is therefore moving aggressively towards large-scale adoption of the ecommerce systems....
8 Pages (2000 words) Research Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us